WordPress GDPR Compliance Plugin Weakness Being Actively Exploited

Websites with the WordPress GDPR Compliance plugin connected are being hijacked by hackers. A weakness in the plugin is being abused, letting attackers change site settings and register new user accounts with admin rights.

The weakness can be distantly abused by unauthenticated users, several of whom have automated abuse of the weakness to capture as many sites as possible before the weakness is rectified.

The fault was recognized by safety scientists at Defiant, who noted that in a number of attacks, after abusing the fault the attackers have rectified the weakness. Defiant’s scientists propose that this method makes sure other hackers are avoided from hijacking compromised sites. In some instances, after access to a weak site is gained, a PHP webshell is uploaded to give the attackers complete control of the website. Some attackers have inserted in backdoors via the WP-Cron schedule. This way of attack makes sure perseverance of the backdoor.

Compromised websites can be utilized for phishing and other cheats, or the sites might have exploited kits uploaded to mutely download malware onto visitors’ appliances. An examination of compromised websites has not disclosed any payload at this phase. Defiant scientists suggest that the primary objective is to compromise as many sites as possible before the weakness is rectified. Compromised sites might be sold on or the attackers might be biding their time before the attack stage is started.

After WordPress became conscious that the WordPress GDPR Compliance plugin weakness was being vigorously abused in the wild, the plugin was detached from the official WordPress store and the developer was informed. A new variety of the plugin has now been issued and the plugin has been rebooted on the official WordPress store.

Any website proprietor that has the WordPress GDPR Compliance plugin fitted should make sure it is updated to variety 1.4.3, which was issued on November 7, 2018. Site proprietors must also check their sites for any indication of illegal changes and checks must be carried out to see if any new admin accounts have been generated.